- cross-posted to:
- programmerhumor@zerobytes.monster
- cross-posted to:
- programmerhumor@zerobytes.monster
You must log in or register to comment.
If you think docker/container are for security, you’re doing it wrong.
deleted by creator
Docker is not rootless. Is only safe as long as the container (or those web devs) doesn’t use
nsenteror anything similar to get root access outside of it ;)deleted by creator
Ah, my bad “again”… should have mentioned that there’s the advance configuration option that 1% of the geeks do
deleted by creator
Indeed. Also, I am concerned about self-hosting enthusiasts that install docker (without the advance rootless mode) and blindly run containers. Sometimes these containers are even made by third parties, independent of the app developers. Unfortunately, the supply chain there is up for grabs…
deleted by creator
Eight years old and still hits home for the most part. Nowadays though, what I get is mostly “we’re moving to Azure” from clients that have no business in the cloud. Some environments are just not possible to move to a cloud environment without a redesign from scratch.
Not a dev-ops guys, just how useful /useless is docker?
Honestly? Pretty fucking awesome if you get it configured correctly. I don’t think it’s super useful for production (I prefer chef/vagrant) but for dev boxes it’s incredible at producing consistent environments even on different OSes and architectures.
Anything that makes it less painful for a dev to destroy and rebuild an environment that’s corrupt or even just a bit spooky pays for itself almost immediately.
I don’t think it’s super useful for production (I prefer chef/vagrant)
Yeah!
Docker and OCI get abused a lot to thoughtlessly ship a copy of the developer’s laptop into production.
Life is so much simpler after taking the time to build thoughtful correct recipes in an orchestration tool.
Anything that makes it less painful for a dev to destroy and rebuild an environment that’s corrupt or even just a bit spooky pays for itself almost immediately.
Exactly. The learning curve is mean, but it’s worth it quickly as soon as the first mystery bug dies in a rebuild fire.
In my experience, very, but it’s also not magic. Being able to package an application with its environment and ship it to any machine that can run Docker is great but it doesn’t solve the fact that modern deployment architecture can become extremely complicated, and Docker adds another component that needs configuration and debugging to an already complicated stack.
And a new set of dependency problems depending on the base image. And then fighting layers both to optimize size, and with some image hubs, “why won’t it upload that one file change? It’s a different file now! The hashes can’t possibly be the same!” And having to find hackey ways to slap it so the correct files are in the correct places.
Then manipulating multi-arch manifests to work reliably for other devs in a cross-processor environment so they don’t have to know how the sausage works…
so they don’t have to know how the sausage
worksis made…
It’s a way to provide standard configuration for your programs without one configuration interfering with another.
Honestly, almost all alternatives work better. But docker is the one you can run on any system without large changes.
I think they’re really useful, there are alternatives that I think have feature parity at this point but the concepts of containerization are the same
Based and vagrant pilled.
A container in a container…
I’m feeling attacked.
